diff --git a/hw/straylight/default.nix b/hw/straylight/default.nix
index 9172441..4a4c50c 100644
--- a/hw/straylight/default.nix
+++ b/hw/straylight/default.nix
@@ -18,6 +18,12 @@
 DeviceAllow = [ "/dev/kvm rw" "/dev/net/tun rw" ];
 SupplementaryGroups = [ "kvm" ];
 AmbientCapabilities = [ "CAP_NET_ADMIN" ];
+ # The agent launches each unikernel as a daemonized QEMU process in its
+ # own cgroup. With the default KillMode=control-group, restarting the
+ # agent would SIGKILL every running VM. KillMode=process kills only the
+ # agent's main process on stop/restart, so VMs survive an agent upgrade.
+ # (If a VM does die, the agent's startup Recover restarts it.)
+ KillMode = lib.mkForce "process";
 };
 # Let the mcp user reach /dev/kvm directly as well.
 users.users.mcp.extraGroups = [ "kvm" ];
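Review bot: `KillMode = lib.mkForce "process"` changes the meaning of a plain `systemctl stop` as well as of restart, and the new comment only describes the restart case: after a stop, the daemonized QEMU processes keep running with their /dev/kvm access and the tap devices configured under CAP_NET_ADMIN, and nothing in this hunk provides an explicit teardown path for them. The comment should state that stop is not a full shutdown and name whatever the agent offers for that, e.g. `# NOTE: "systemctl stop" therefore leaves running VMs alive; to tear them down as well, use the agent's own shutdown path or kill the unit's cgroup explicitly (systemctl kill).`. The comment's "in its own cgroup" also reads as contradicting its next sentence, since a VM in a genuinely separate cgroup would not be touched by KillMode=control-group; if the VMs are placed in a sub-cgroup of the service (which systemd does kill), say so to avoid misleading the next reader, and confirm that the leftover processes are still covered by the unit's DeviceAllow and the other hardening keys once the unit is inactive. The enclosing `serviceConfig` attribute set and the module start outside the hunk.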